Thursday 23 July 2015

Active Directory Sites and Services, Operation Master, USN (Update Sequence Number) and steps

Active Directory Sites and Services
AD Sites and Services is used to design our network and to manage replication.
Terms used in replication are :-
1. Site: It means any physical location or LAN.
2. Bandwidth: It is the data carrying capacity of a network in bits per second.
3. Congestion: It means network traffic.
4. Replication: It means automatic update between the links or synchronization of data. There are 2 types of replication :-
(i) Intersite replication: It means replication between different sites.
(ii) Intrasite replication: It means replication within a site.

5. OC (Originating Changes): The changes which are done by the administrator.
6. RC (Replicating Changes): The changes which are done automatically after replication.

7. Loose Consistency: It means replication has started but is not yet completed in the entire network.
8. Fully Converged: It means replication is completed in the entire network.

9. Site Link: This option is used to create links between different sites. It is used for intersite replication.
10. Site Link Bridge: This option is used to create a link between different site links. It is used for faster replication.
11. Bridgehead Server or Preferred Bridgehead Server: It is the DC which is selected for intersite replication. We must configure at least one Bridgehead Server in every site.


There are 4 logical partitions in AD :-
1. Schema Partition: It includes objects and their attributes.
2. Configuration Partition: It includes the current configuration or the entries done in AD.
3. Application Partition: It includes information about different services which are integrated with AD, like DNS, DHCP etc.
4. Domain Partition: It includes the security policies of the domain. It cannot replicate in the tree and forest. Every domain has different policies.

There are 6 objects which are a must for replication :-
1. Server Object: It means the DC.
2. NTDS Object: It means the ntds.dit database, which should not be corrupt, and which includes information about the objects.
3. Connection Object: It means there must be a logical connection between both computers for replication purposes. RPC (Remote Procedure Call) is the connection object which can pull information from the database of another computer. KCC (Knowledge Consistency Checker) is the component of RPC which can check and manage the working of RPC.

4. Cost Object: It means the cost of replication. If bandwidth is less, then there will be more cost of replication. By default the cost is 100.
5. Interval Object: It is the time duration to complete any replication. By default it is 180 minutes and it can be set from 15 minutes to 7 days.

6. Schedule Object: It means we can set a time-table for faster replication. For eg: twice a week.

Operation Master
It means a DC which can play any FSMO role.

Multi-Operation Master means a DC which can play more than one FSMO role.
By default GCS can play all 5 FSMO roles.

Single-Operation Master means a DC which can play only one FSMO role at a time.

NOTE: FSMO (Flexible Single Master Operation) or "Fizmo" roles can be transferred but cannot be replicated.

There are 5 FSMO roles :-
1. PDC (Primary Domain Controller) Emulator
This role is responsible for user authentication, the user logon process, account lockout policy etc. If we are working in Mixed mode, then it also means a Windows 2000 or 2003 DC can act as a PDC (Pre-Windows 2000 DC) for down-level clients.
NOTE: PDC is the first DC of a Windows NT4 domain, and Emulator means agent.

2. RID (Relative Identifier) Master
This role is responsible for assigning the SID number to all the objects. It has the latest information about all the objects.

3. Infrastructure Master
This role is responsible for storing information about all the DCs and their objects within a domain. It is used for replication purposes. It can get the latest information about any object from the RID master.

4. Schema Master
This role is responsible for storing information about all the objects and their attributes. It is used in the domain, tree and forest.

5. Domain Naming Master
This role is responsible for the naming convention, or for storing all the objects' SIDs in a friendly manner. It is responsible for joining computers to the domain, creating trusts etc. It is also used in the domain, tree and forest.

USN (Update Sequence Number)
It is a number for an object which is used by the DC for replication purposes. Only one DC can make replication at a time. USN has 3 parts :-
1. GUID (Global Unique Identifier): It means the unique identification of a computer, or the unique information of the computers in which replication will take place.
2. PVN (Property Version Number): It is a number which is updated automatically after any change is done in the DC. It can tell the information about the latest updates or last changes in the DC.
3. TS (Time Stamp): It is the date and time of replication. It can also tell the information about the latest updates or last changes in the DC.


NOTE: If the PVN conflicts, then the TS will be checked. If the TS also conflicts, then the GCS will be given preference for replication. Only one DC will make replication at a time.


Rules for replication or synchronization :-
1. Data can never be broadcast.
2. Data can never be pushed; it is always pulled.
3. Data can only replicate to a DRP (Direct Replicating Partner, meaning a DC which is directly connected).
4. If there is more than one DRP, then there will be a pause of 30 seconds.
5. There should not be more than 3 hops between DRPs.
NOTE: Hop means the routers between source and destination, or the routers which are actually used to pass our packet to the destination.


--------------------------------------------------------------------------------------------------------

To check Operation Master or FSMO roles :-

RUN   cmd    ->           netdom   query   fsmo    (Enter)


To transfer  FSMO role :-

RUN   cmd    ->

ntdsutil
roles
connections

connect to server  dc2.xyz.com
  (FQDN of the destination DC to which the FSMO roles have to be transferred)

quit
transfer  pdc 
transfer  rid master
transfer  infrastructure master
transfer  schema master
transfer  naming master
quit
quit
exit

NOTE: We can transfer all 5 FSMO roles to the ADC if required, but we must transfer the Infrastructure Master to the ADC if we have more than one DC.

To upgrade an ADC into a GCS, if the GCS is available :-
Open AD Sites and Services  -> Server   -> DC name   -> Double click  -> NTDS Settings  ->
Properties   -> Select  Global Catalog   -> OK



To upgrade an ADC into a GCS, if the GCS has failed :-
Step1        Transfer all 5 FSMO roles to the ADC, but use  seize  in place of  transfer
Step2        Open AD Sites and Services  -> Server   -> DC name   -> Double click  -> NTDS Settings  ->  Properties   -> Select  Global Catalog   -> OK



NOTE:  We can check and transfer FSMO roles in GUI mode also.

To check the PDC, Infrastructure and RID masters :-
AD Users and Computers  -> Domain name  -> Rt. click -> Operation Master

To check Domain Naming Master :-
AD Domains and Trusts  -> Rt. click on AD domains and trusts   -> Operation Master

To check Schema Master :-
step1  RUN    regsvr32   schmmgmt.dll
step2  RUN    mmc     ->  File menu    -> Add/Remove snap-in   -> Select AD Schema  ->
         Add  -> Console Root   -> Rt. click on AD schema  -> Operation Master

NOTE:-
After running the seize command on a DC, we have to remove AD properly from the old server to utilize its hardware or this server machine again.
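The check, transfer/seize and Global Catalog steps above, done from PowerShell with the RSAT ActiveDirectory module. This is an added example and not part of the original post; the server name dc2.xyz.com comes from the notes above, and the functions and their names are this example's own.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-FsmoReport {
    # Same information as "netdom query fsmo": domain roles come from Get-ADDomain,
    # forest-wide roles from Get-ADForest.
    $domain = Get-ADDomain
    $forest = Get-ADForest
    [pscustomobject]@{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
}

function Get-GcReport {
    # One row per DC: its site, whether it is a Global Catalog, and which roles it holds.
    Get-ADDomainController -Filter * |
        Select-Object HostName, Site, IsGlobalCatalog, OperationMasterRoles
}

function Move-AllFsmoRoles {
    param(
        [Parameter(Mandatory)] [string] $TargetDC,   # FQDN, e.g. dc2.xyz.com
        [switch] $Seize                              # only when the current holder has failed
    )
    $roles = 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster', 'SchemaMaster', 'DomainNamingMaster'
    # -Force turns the transfer into a seize (the "seize" keyword in ntdsutil).
    Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC -OperationMasterRole $roles `
        -Force:$Seize -Confirm:$false
}

function Enable-GlobalCatalog {
    param([Parameter(Mandatory)] [string] $DC)
    # Same as ticking "Global Catalog" on the NTDS Settings object in AD Sites and Services:
    # bit 1 of the "options" attribute on that object marks the DC as a GC.
    $ntds    = (Get-ADDomainController -Identity $DC).NTDSSettingsObjectDN
    $current = (Get-ADObject -Identity $ntds -Properties options).options
    Set-ADObject -Identity $ntds -Replace @{ options = ([int]$current -bor 1) }
}

# Usage (check first; the transfer and GC lines are commented out on purpose):
Get-FsmoReport
Get-GcReport | Format-Table -AutoSize
# Move-AllFsmoRoles -TargetDC dc2.xyz.com            # planned transfer, old holder still online
# Move-AllFsmoRoles -TargetDC dc2.xyz.com -Seize     # old holder has failed and will be rebuilt
# Enable-GlobalCatalog -DC dc2.xyz.com
```

Run Get-FsmoReport again after a transfer or seize so the new holders are confirmed on the page before the old server is removed.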